WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

PCT

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(11) International Publication Number: WO 99/53391

(43) International Publication Date: 21 October 1999 (21.10.99)

(51) International Patent Classification 6: G06F 1/00

A1

(21) International Application Number: PCT/US99/08061

(22) International Filing Date: 14 April 1999 (14.04.99)

(30) Priority Data: 09/060,480, 15 April 1998 (15.04.98), US

(71) Applicant: SUN MICROSYSTEMS, INC. [US/US]; 901 San Antonio Road, M/S PALO1-521, Palo Alto, CA 94303 (US).

(72) Inventors: ALEGRE, Alfred, A.; 3212 Upper Lock Avenue, Belmont, CA 94002 (US). SHA, Rong, Q.; 1039 Crescent Terrace, Milpitas, CA 95035 (US). SOLEY, William, R.; 1190 Archer Way, Campbell, CA 95008 (US).

(74) Agents: GARRETT, Arthur, S.; Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P., 1300 I Street, N.W., Washington, DC 20005-3315 (US) et al.

(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, UZ, VN, YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD, SL, SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).

Published

With international search report.

Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.

(54) Title: APPARATUS AND METHOD FOR TRUSTED NETWORK SECURITY

(57) Abstract

A session key is established for accessing a trusted network from a browser. An authentication process receives identification information from the user and authenticates the user by checking the identification information against an authentication database. If the user is authenticated, a user profile defining the access rights of the user is also retrieved. The user is then presented with access options based on the access rights defined in the user profile. When the user selects an option from the access page, the browser forwards an information request to the trusted network together with the session key. A speaker object processes the information request and session key to form a network request packet. The network request packet is checked by a listener object to determine if it originated from the speaker object, and then the key is validated. If the key is valid, the request is processed and the information is returned to the user for display on the browser.

APPARATUS AND METHOD FOR 
TRUSTED NETWORK SECURITY 



I. BACKGROUND OF THE INVENTION

A. Field of the Invention

The present invention relates generally to network security, and in particular to apparatus and methods for authenticating a user for allowing access to resources on a trusted network.

B. Description of the Prior Art

Trusted networks provide security and limit access to network resources by controlling information passing to, from, and between the resources. For example, information transfer may be controlled by user identification and authentication, access security levels, and physical measures.

Protecting data residing in a company's trusted network is paramount. The most difficult security situations arise when the public is given access to the trusted network, such as through the Internet. Web servers residing between the trusted network and the Internet provide access to databases or legacy applications residing within the trusted network, and may provide unauthorized access to the trusted network from the Internet. Several techniques have been used to make trusted networks more secure from unauthorized access.

Firewalls are one of the most common forms of security. A firewall is a system or structure that limits outside access to a trusted network by limiting the path through which information may flow. For example, whenever the outside web server needs access to the trusted network, the web server submits a request through a firewall port. The port only allows certain protocols, such as HTML, to a specific machine on the trusted network. Firewalls alone are not adequate, however, because they control access based on the location of the user, rather than the identity of the user.

Middleware is also frequently used. Middleware replaces general protocols, such as HTML and SQL, with application-specific protocols. For example, an application issues a request for services in an application-specific form to the middleware residing in the trusted network. The middleware then receives the request and translates it to a general protocol understood by the server. Intruders, however, can monitor communications between the outside web server and trusted network server, and eventually identify the protocol and patterns of the packets being handled by the middleware. Based on the protocol and patterns, an intruder can access the network to request a service.

To prevent an intruder from monitoring communications, encryption can be incorporated into the architecture. Although effective, encryption does not prevent an intruder from breaching security.

Because no security architecture is 100% secure, multiple security measures are often combined. One approach uses a sub-network that isolates databases from the trusted network. If an intruder gains access into the subnet, the worst that can happen is that data residing within the subnet is compromised, but the rest of the trusted network remains secure. This scenario may be adequate in cases where there is no need to interface with other databases or legacy systems within the trusted network.
Fig. 1 is a block diagram showing a typical trusted network security system. The goal of the system is to ensure that resources on trusted network 138 are not improperly accessed by outside entities, such as client browser 110. Access to trusted network 138 is limited in several ways.

Firewall 118 is the first line of defense for providing security to trusted network 138. Firewall 118 may, for example, limit the types of protocol transferred from Internet 114 to DMZ network 122. Web host 126 processes URL requests from client browser 110, and forms a request that is sent over trusted network 138 to database server 142. The request is sent through firewall 130, which provides yet another line of defense. Firewall 130 may also limit the types of information sent by web host 126 to database server 142.

Database server 142 performs a further level of security by ensuring that it only processes requests received from web host 126. When web host 126 makes a request, web host 126 also sends a web server identity code with the request. Database server 142 checks the identifier to authenticate that the request is from web host 126. If database server 142 determines that the request is from web host 126, database server 142 retrieves the requested information from database 134, and returns the information to web host 126. Web host 126 transmits the requested information to client browser 110 over DMZ network 122 and Internet 114.

Although firewalls 118 and 130, and authentication of web host 126 by database server 142 provide some security, it is still possible for an intruder to breach security and improperly access resources on the network, such as DB 134. The user at client browser 110 may repeatedly attempt various combinations of access to trusted network 138 until one is found that breaks through the system. Therefore, breaches of security are still possible even with two firewalls and the web server verification performed by database server 142. What is needed then is a higher level of security for trusted network 138 in order to allow access by users on the Internet in a controlled and secure manner.

II. SUMMARY OF THE INVENTION

The present invention relates to trusted networks, and in particular to a method and apparatus for raising security levels of the trusted network.

A system consistent with the present invention comprises a device for processing an original request and key from a requester to form a network request; a device for transferring the network request to a trusted network; a device for processing the network request to extract the key and original request if the request was processed by the device for processing a request and key; and a device for performing the original request if the key is valid.

A method consistent with the present invention comprises processing an original request and key from a requester to form a network request; transferring the network request to a trusted network; processing the network request to extract the key and original request if the request was processed in the step of processing an original request and key; and performing the original request if the key is valid.

Another system for providing access to a resource, consistent with the present invention, comprises a device for storing a key based on requester authentication; a device for forwarding the key to the requester; a device for receiving an original request and the key from the requester; a device for processing the original request and the key from the requester to form a network request; a device for transferring the network request to a trusted network; a device for processing the network request to extract the key if the network request was processed by the device for processing the original request and the key; and a device for performing the original request if the key is valid.

Another method for providing access to a resource, consistent with the present invention, comprises storing a key based on requester authentication; forwarding the key to the requester; receiving an original request and the key from the requester; processing the original request and the key from the requester to form a network request; transferring the network request to a trusted network; processing the network request to extract the key if the network request was processed by the device for processing the original request and the key; and performing the original request if the key is valid.

The invention overcomes the problems of conventional prior art systems described above. Additional advantages of the invention are apparent from the description which follows, and may be learned by practice of the invention. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

The accompanying drawings, which are incorporated in and constitute a part of this 
specification, illustrate an embodiment of the invention and together with the description 
serve to explain the principles of the invention. 

III. BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of this 
specification, illustrate an embodiment of the invention and, together with the description, 
serve to explain the advantages and principles of the invention. In the drawings, 

Fig. 1 is a block diagram showing a prior art trusted network security system;

Fig. 2 is a block diagram showing an architecture consistent with the principles of the present invention;

Fig. 3 is a block diagram of client browser 110;

Fig. 4 is a flowchart showing the operation of client browser 110 when a user first attempts to access trusted network 138;

Fig. 5 is a block diagram showing web host 210 of Fig. 2;

Fig. 6 is a flowchart showing the processing of web host 210 of Fig. 2;

Fig. 7 is a flowchart showing the user authentication process performed by login process 512;

Fig. 8 is a flowchart showing processing performed by authentication server 226;

Fig. 9 is a block diagram showing in greater detail key server 234 and key database 236;

Fig. 10 is a flowchart showing the operation of client browser 110 when making an access request;

Fig. 11 is a flowchart showing the processing of user requests by speaker object 514;

Fig. 12 is a block diagram of access server 222 of Fig. 2;

Fig. 13 is a flowchart showing the processing performed by listener object 1212 of Fig. 12; and

Fig. 14 is a block diagram showing a file security structure that only allows access to particular levels of information.

IV. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Apparatus and methods consistent with the principles of the present invention create a session key that is stored at a client browser and used to access a trusted network. A session key is created the first time a user requests access to a resource on the trusted network. Subsequently, whenever the user accesses the trusted network during the session in which the session key is made, the session key is transmitted with the access request so that the trusted network can use the session key to authenticate the user. Fig. 2 is a block diagram showing a network system consistent with the principles of the present invention. Client browser 110, Internet 114, firewall 118, DMZ network 122, firewall 130, DB 134, and trusted network 138 have been discussed with respect to Fig. 1. The system of Fig. 2 creates a session key for use in accessing trusted network 138. Creation of the session key will be discussed first, followed by use of the session key in accessing resources of the trusted network.

Creation of a session key is handled primarily by web host 210, authentication server 226 and key server 234. When the user wants to access trusted network 138, the user sends a request from client browser 110, over Internet 114 and DMZ network 122, to web host 210. If this is the first attempt to access trusted network 138, web host 210 must log in the user.

To log in the user, web host 210 requests user authentication information, such as a user ID (UID) and password (PWD), from the user at client browser 110. Upon receiving the UID and PWD, web host 210 requests authentication of the UID and PWD from authentication server 226. Identifying information other than a UID and PWD could also be used.

Authentication server 226 queries authentication database 224 to determine validity of the UID and PWD information. If the UID and PWD are valid, authentication server 226 receives a user access profile from authentication database 224. Authentication server 226 then requests a session key from key server 234. Key server 234 creates a unique and unpredictable session key, and stores the session key, the UID, the PWD, and key expiration criteria in key database 236. Authentication server 226 then transmits the session key and user access profile to web host 210. Web host 210 stores the session key at client browser 110 using a cookie.

Web host 210 also sends trusted network access presentation information to client browser 110. The trusted network access presentation information is created based on the user access profile, and thus includes only selections for accessing resources that the user has access to.

The user selects an access request from the trusted network access presentation information to access trusted network 138. Client browser 110 sends the request, for example a URL associated with the selection, and the session key to web host 210. Web host 210 processes the request and session key to create a network request packet, and transmits the packet to access server 222.

Access server 222 verifies that the network request packet came from web host 210, extracts the session key from the network request packet, and transfers the session key to key server 234 to determine whether it is valid. Key server 234 compares the session key with currently valid session keys to determine if the session key is still valid, and returns the results of the session key validity check to access server 222.

If the session key is still valid, access server 222 performs the request. For example, access server 222 may access DB 134 to obtain requested information from, or write requested information to, DB 134. If the request is a read request, access server 222 transmits the requested information to web host 210.

By using a unique and unpredictable session key for each session from the client browser 110, the apparatus and methods consistent with the principles of the present invention provide a high level of security for accesses to trusted network 138. The elements of Fig. 2 will now be discussed in greater detail.

Session Key Creation

Fig. 3 is a block diagram of client browser 110. Client browser 110 is a web browser that requests content, such as HTML pages, over Internet 114, receives the content, and stores the content in memory 318, shown in Fig. 3 as HTML pages 322. Browser 314 also displays the HTML pages on display 310 and stores cookies 324 received over Internet 114. "Cookies" are small files placed on a user's computer by a web site. The cookies allow the web site to maintain state information at client browser 110. For example, cookies allow the web site to collect information on how a user uses the web site. In the present invention, a cookie is used to store the session key at client browser 110 by web host 210.

Fig. 4 is a flowchart showing the operation of client browser 110 the first time a user attempts to access trusted network 138. Browser 314 first displays the home page on display 310 (step 410). In response to a request from the user, browser 314 sends a request, such as a URL, over Internet 114 (step 412), and waits for a response (step 414) by entering a wait state for a period of time (step 416).

If the request is for trusted network 138, web host 210 receives the request and returns a login page to client browser 110 for display (step 418). The login page prompts the user for user authentication information, such as UID and PWD. Browser 314 receives the UID and PWD from the user and forwards the information over Internet 114 to web host 210 (step 420), and goes into a wait state (step 422) for a period of time (step 424). The web server forwards the UID and PWD to authentication server 226 for authentication.

Whether or not UID and PWD are authenticated, web host 210 returns trusted network access presentation information to client browser 110 for display (step 426). If the UID and PWD are not authenticated, the presentation information indicates that authentication was unsuccessful. If UID and PWD are authenticated, however, web host 210 sends trusted network access presentation information and a cookie with the session key, and browser 314 stores the cookie (step 428). The trusted network access presentation information has a menu of selections for accessing resources on trusted network 138.
Fig. 5 is a block diagram showing web host 210 of Fig. 2. Web host 210 is comprised of session manager 510, login process 512, and speaker object 514. Web host 210 may be implemented as a typical network server comprised of hardware and software. Session manager 510, login process 512, and speaker object 514 represent software modules running on the server. Session manager 510 is responsible for coordinating the operations of login process 512 and speaker object 514. Additionally, session manager 510 interfaces with DMZ network 122 for receiving information from and transmitting information to DMZ network 122.

Fig. 6 is a flowchart showing the processing of web host 210 of Fig. 2. Web host 210 first receives a request from client browser 110 (step 610). If the request contains a cookie (step 612: YES), the request is forwarded to speaker object 514 (step 614). If the request does not contain a cookie (step 612: NO), the request is checked for UID and PWD information (step 616).

If the UID and PWD information is present (step 616: YES), session manager 510 forwards the UID and PWD to login process 512 (step 620). If there is no UID and PWD information (step 616: NO), the web server returns a login page to client browser 110 (step 618) to prompt the user for login information.

Fig. 7 is a flowchart showing the user authentication process performed by login process 512. Login process 512 first receives user authentication information, such as a UID and PWD, from client browser 110, and forwards the authentication information to authentication server 226 via session manager 510 (step 710), and enters a wait state (step 712) to wait for the results of the authentication process.

If authentication server 226 returns a negative authentication (step 714: NO), meaning that the UID and PWD were not authenticated, login process 512 causes session manager 510 to return an unauthorized access page to client browser 110 (step 716). If UID and PWD are authenticated (step 714: YES), login process 512 receives a session key and user profile from authentication server 226. Login process 512 creates a trusted network access menu page using the user profile and a cookie containing the session key, and forwards the page and cookie to client browser 110 (step 718).

Fig. 8 is a flowchart showing the processing performed by authentication server 226. Authentication server 226 first receives the UID and PWD from login process 512 as part of the initial login by the user at client browser 110 (step 810). Authentication server 226 queries authentication database 224 to determine if the UID and PWD are valid (step 812). Authentication database 224 stores information defining which users may access resources on trusted network 138. Authentication database 224 also stores user profile information that defines the types of access each user has to the resources on trusted network 138. On the one hand, if the UID and PWD are not valid (step 814: NO), authentication server 226 returns an invalid status to login process 512 (step 816). On the other hand, if authentication server 226 receives an indication from authentication database 224 that UID and PWD are valid (step 814: YES), a session key is requested from key server 234 (step 818). Key server 234 creates a new key, and stores it in key database 236 with the UID and PWD, and expiration criteria.

In addition to receiving a validation indication from authentication database 224, authentication server 226 also receives a user profile that specifies the user's access rights to trusted network 138. After receiving a new session key from key server 234, authentication server 226 returns an indication of the UID and PWD being valid, the session key, and the user profile to login process 512 (step 820).

Fig. 9 is a block diagram showing key server 234 and key database 236. Key server 234 may be implemented using a processor and memory. Key server 234 includes key manager 910 and key creator 912. Key manager 910 receives the session key request, along with the UID and PWD, from authentication server 226, and requests key creation by key creator 912. The session key must be unique, unpredictable, and from a sufficiently large number space so that it is infeasible to guess its value. For example, a 64-bit or larger random number encoded in Base64 may be used. Upon receiving the new session key from key creator 912, key manager 910 stores the session key, UID, and PWD, along with expiration criteria for the session key, in key database 236. Key manager 910 then transfers the new session key to authentication server 226 for transmission to login manager 214. Key manager 910 also monitors the expiration criteria, and deletes keys in accordance with the criteria, or when the user voluntarily logs out.

Use of Session Key
Fig. 10 is a flowchart showing the operation of client browser 110 accessing trusted network 138 after the session key has been stored in client browser 110. The user makes a selection from the trusted network access web page created by login process 512 using the user profile. Browser 314 receives the request (step 1010), and retrieves the cookie holding the session key (step 1012). Browser 314 then forwards the request and cookie to web host 210 (step 1014), and goes into a wait state to wait for the requested information from web host 210 (step 1016). When browser 314 receives the requested content, for example in the form of an HTML page, the content is displayed (step 1018). If the user does not log off (step 1020: NO), the process resumes with receiving another user request. If the user chooses to log off (step 1020: YES), the client browser forwards a logout request to the web host, which instructs both the browser and the key server to delete the session key.

Fig. 11 shows processing of user requests to access trusted network 138 by speaker object 514. Speaker object 514 first receives the action request and session key from client browser 110 (step 1110). In response, speaker object 514 creates a request packet that includes the action request and the session key, sends the packet to access server 222 (step 1112), and goes into a wait state (step 1114) until a response is received from access server 222.

The packet created by speaker object 514 may be created in a variety of ways. For example, the packet may be created by merely concatenating a web server identifier, speaker object identifier, or other identifier, to the session key and URL request received from the user. Alternatively, speaker object 514 may sign the packet by encrypting it with the private key. The private key could be pre-programmed at speaker object 514, or may be received from trusted network 138 (not shown). The packet is created in such a way that when listener object 230 receives the packet, the packet can be identified as originating from speaker object 514.

When speaker object 514 receives a response to the request from access server 222 (step 1116), speaker object 514 creates a web page based on the response, and sends the web page to session manager 510 for transmission to client browser 110 (step 1118).

Fig. 12 is a block diagram showing access server 222 of Fig. 2. Access server 222 is comprised of access manager 1210 and listener object 1212. Access server may be implemented as a network server as is well understood in the art. For example, access server 222 may be implemented using a processor and memory. Access manager 1210 interfaces access server 222 with trusted network 138, and manages the operations performed by listener object 1212. Listener object 1212 is responsible for receiving network requests from speaker object 514, verifying the validity of the request, and performing the request if valid.

Fig. 13 is a flowchart showing the processing performed by listener object 1212. Listener object 1212 first receives the network request packet containing the action request and session key from speaker object 514 (step 1310). For example, if speaker object 514 signed the packet using speaker identification information, listener object 1212 must verify the signature before extracting the action request and session key. If the packet is not from speaker object 514, the signature verification process by listener object 1212 fails and the key and request carried in the packet will be rejected by listener object 1212.

Alternatively, speaker object 514 and listener object 1212 may each have the same web server identification information. Speaker object 514 attaches the web server identification to the packet, which is verified by listener object 1212 upon receipt. Listener object 1212 processes the packet to extract the session key and network access request from the packet (step 1311), sends the key to key server 234 for validation (step 1312), and goes into a wait state (step 1314) to wait for the validation of the session key.

If key server 234 determines that the session key received from listener object 1212 is invalid (step 1316: NO), listener object 1212 returns an invalid status indication to speaker object 514 (step 1118). If key server 234 returns a UID and access profile and the network access request received from speaker object 514 is permitted by the access profile (step 1316: YES), listener object 1212 performs the network access request (step 1320). In addition to the check against the access profile received from key server 234, applications requiring extra fine-grained access control may use the UID received from key server 234 in combination with a local database of access rules (not shown) to implement additional access control policies.
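As an added end-to-end model of the flow described for Figs. 9, 11 and 13 (written for this page, not code from the patent or from the applicant), the following Python shows a key server that issues unpredictable Base64 keys with expiration criteria and deletes them on expiry or logout, a speaker object that wraps the request and key into a tagged packet, and a listener object that checks the packet's origin before validating the key and the access profile. It assumes the shared web server identification is an HMAC secret rather than the bare identifier or the private-key signature the text describes, that an access profile is a set of permitted resource names, and that all identifiers, secrets and names are constructed values.

```python
import base64
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumption: the "web server identification information" shared by speaker
# object 514 and listener object 1212 is modelled as an HMAC secret, so the
# origin check cannot be satisfied by merely copying a bare identifier.
# Both values are constructed for this example.
WEB_SERVER_ID = b"web-host-210"
WEB_SERVER_SECRET = b"constructed-shared-secret-not-for-production"


@dataclass
class KeyRecord:
    uid: str
    profile: frozenset  # resource names the user's access profile permits
    expires_at: float   # absolute time; the key's expiration criterion


class KeyServer:
    """Key server 234 with key database 236: create, validate, expire, delete."""

    def __init__(self, ttl_seconds: float, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock   # injectable so expiry can be exercised offline
        self.db = {}         # session key -> KeyRecord (the PWD is not kept here)

    def create_key(self, uid: str, profile: frozenset) -> str:
        # 128 random bits from a CSPRNG (the text asks for 64 or more), Base64
        # encoded so the key can travel in a cookie and in a request packet.
        key = base64.b64encode(secrets.token_bytes(16)).decode()
        self.db[key] = KeyRecord(uid, profile, self.clock() + self.ttl)
        return key

    def purge_expired(self) -> None:
        """Key manager 910 deleting keys whose expiration criteria have been met."""
        now = self.clock()
        for key in [k for k, r in self.db.items() if r.expires_at <= now]:
            del self.db[key]

    def validate(self, key: str):
        """Return (UID, access profile) for a currently valid key, else None."""
        self.purge_expired()
        rec = self.db.get(key)
        return None if rec is None else (rec.uid, rec.profile)

    def logout(self, key: str) -> None:
        """Voluntary logout: the key is deleted regardless of its expiry."""
        self.db.pop(key, None)


def speaker_packet(action: str, session_key: str) -> bytes:
    """Speaker object 514: concatenate identifier, session key and request,
    then append a tag the listener can verify (action must not contain '|')."""
    body = b"|".join([WEB_SERVER_ID, session_key.encode(), action.encode()])
    tag = hmac.new(WEB_SERVER_SECRET, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def listener_handle(packet: bytes, key_server: KeyServer) -> tuple:
    """Listener object 1212: verify origin first, then extract and validate the
    key, then check the request against the access profile (steps 1310-1322)."""
    try:
        sender, key, action, tag = packet.split(b"|")
    except ValueError:
        return ("INVALID", None)
    body = b"|".join([sender, key, action])
    expected = hmac.new(WEB_SERVER_SECRET, body, hashlib.sha256).hexdigest().encode()
    # A packet that did not originate from the speaker object is rejected
    # before the session key is even looked at.
    if sender != WEB_SERVER_ID or not hmac.compare_digest(tag, expected):
        return ("INVALID", None)
    result = key_server.validate(key.decode())
    if result is None:
        return ("INVALID", None)            # step 1316: NO, invalid status returned
    uid, profile = result
    resource = action.decode()
    if resource not in profile:
        return ("INVALID", None)            # request not permitted by the profile
    # Steps 1320/1322: perform the request; DB 134 is represented by an echo.
    return ("OK", f"{uid} read {resource}")
```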

The request may include one or more requests for operations by resources on network 
138. Performing the request may, for example, include a read operation on DB 134. After 
performing the request, listener object 1212 returns the requested data (if any) and status of 
the request to speaker object 514 (step 1322). 
Fig. 14 is a block diagram showing a file security structure that may be used to limit user access to particular levels of information. Fig. 14, for example, may represent the data structure of DB 134. A user associated with a particular UID, PWD, or session key may be restricted to only accessing particular levels of data. For example, a particular UID may only allow access to level three and level four information of Fig. 12. The level access information is included in the user profile used by login process 512 to create the network access page presented to the user at client browser 110, as discussed above. This allows trusted network 138 to have varying degrees of protection depending on the particular user at client browser 110. The user profile may also define a variety of other types of acceptable operations for a user. The profile may define, for example, which resource(s) the user can use, and the operations that can be performed for the user by the resource.

Conclusion

It will be apparent to those skilled in the art that various modifications and variations 
can be made in the network access apparatus and methods consistent with the principles of 
the present invention without departing from the scope or spirit of the invention. Although a 
preferred embodiment has been described above, other variations are possible within the 
spirit and scope consistent with the principles of the present invention. 

For example, speaker object 512 could be located in the client browser 110 by using 
Java applets to implement the speaker object on client browser 110. The user profile stored 
with the authentication information in authentication database 224 may include access levels 
corresponding to each particular user. For example, with respect to Fig. 12, the user having 
access to levels 3 and 4 will have a user profile indicating that the user can only be presented 
with URL selections allowing access to levels 3 and 4. Therefore, when the user profile is 
sent to login process 512, login process 512 creates a user access web page that only allows 
requests to levels 3 and 4. 
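The level-restricted user profile of Fig. 14 and the level 3/4 example above can be modelled in a few lines. The following is an added example and not code from the patent or from Sun; the level numbers, resource names, URLs, the AUTH_DB stand-in for authentication database 224 and the function names are all constructed for illustration. It shows two things the text describes separately: the login process building an access page that offers only the URL selections the profile permits, and a server-side check that re-applies the same profile to every request that actually arrives, so a link that was never offered is still refused.

```python
"""Access-level enforcement driven by a user profile (Fig. 14).

Added example, not code from the patent. Models a user profile that
restricts a UID, password or session key to particular information
levels, plus the login process that builds an access page offering only
the permitted URL selections. Level numbers, resource names and URLs are
constructed samples; the Fig. 12 levels are assumed to be integers 1..4.
"""
from dataclasses import dataclass

# Constructed catalogue of protected resources, keyed by information level.
RESOURCES_BY_LEVEL = {
    1: [("public-notices", "/level1/notices")],
    2: [("staff-directory", "/level2/directory")],
    3: [("project-files", "/level3/projects"),
        ("project-wiki", "/level3/wiki")],
    4: [("finance-reports", "/level4/finance")],
}


@dataclass(frozen=True)
class UserProfile:
    uid: str
    allowed_levels: frozenset                 # information levels the user may access
    allowed_operations: frozenset = frozenset({"read"})  # operations a resource may perform for the user


# Constructed stand-in for the profiles stored with the authentication
# information in authentication database 224.
AUTH_DB = {
    "alice": UserProfile("alice", frozenset({3, 4}), frozenset({"read", "write"})),
    "bob": UserProfile("bob", frozenset({1})),
}


def build_access_page(profile):
    """URL selections the login process would present: only resources whose
    level is in the profile, so the page never advertises links the user
    could not follow. Returns a list of (level, name, url)."""
    page = []
    for level in sorted(profile.allowed_levels):
        for name, url in RESOURCES_BY_LEVEL.get(level, []):
            page.append((level, name, url))
    return page


def level_of_path(path):
    """Map a requested path to its information level; None if the path is not catalogued."""
    for level, entries in RESOURCES_BY_LEVEL.items():
        for _, url in entries:
            if path == url or path.startswith(url + "/"):
                return level
    return None


def authorize_request(profile, path, operation):
    """Server-side check applied to every request, independent of which page
    was served. Unknown paths and unknown operations are denied by default."""
    level = level_of_path(path)
    if level is None:
        return False
    return level in profile.allowed_levels and operation in profile.allowed_operations


if __name__ == "__main__":
    alice = AUTH_DB["alice"]
    for entry in build_access_page(alice):
        print(entry)
    print(authorize_request(alice, "/level2/directory", "read"))   # False: level 2 not in profile
```

The point of keeping `authorize_request` separate from `build_access_page` is that the page is only a convenience for the user; the profile has to be enforced again where the request is actually performed, otherwise a hand-typed URL bypasses the restriction entirely.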

Other embodiments of the invention will be apparent to those skilled in the art from 
consideration of the specification and practice of the disclosed embodiments. The 
specification and examples are exemplary only, and the true scope and spirit of the invention 
is defined by the following claims and their equivalents. 
WE CLAIM: 

1. A system for performing a request, comprising: 
means for processing an original request and key from a requester to form a network 
request; 
means for transferring the network request to a trusted network; 
means for processing the network request to extract the key and original request if the 
request was processed by the means for processing a request and key; and 
means for performing the original request if the key is valid. 

2. The system according to claim 1, wherein the means for processing comprises: 
means for including in the network request information identifying the means for 
transferring. 

3. The system according to claim 1, wherein the means for processing comprises: 
means for signing information to form the network request. 

4. The system according to claim 1, further comprising: 
means for storing key information based on authentication of requester identification 
information; and 
means for determining validity of the key based on the key information. 

5. The system according to claim 1, wherein the means for performing the 
original request comprises: 
means for accessing a trusted network resource to perform the original request. 
6. A method for performing a request, comprising: 
processing an original request and key from a requester to form a network request; 
transferring the network request to a trusted network; 
processing the network request to extract the key and original request if the request 
was processed in the step of processing an original request and key; and 
performing the original request if the key is valid. 

7. The method according to claim 6, wherein the step of processing an original 
request and key includes the substep of: 
including intermediate transferor information in the network request. 

8. The method according to claim 6, wherein the step of processing an original 
request and key includes the substep of: 
signing information to form the network request. 

9. The method according to claim 6, further including the steps of: 
storing key information based on authentication of requester identification 
information; and 
determining validity of the key based on the key information. 

10. The method according to claim 6, wherein the step of performing the original 
request comprises: 
accessing a trusted network resource to perform the original request. 
11. A computer program product comprising: 
a computer usable medium having computer readable code embodied therein for 
performing a request, the computer usable medium comprising: 
a processing module configured to process an original request and key from a 
requester to form a network request; 
a transferring module configured to transfer the network request to a trusted network; 
a processing module configured to process the network request to extract the key and 
original request if the request was processed by the means for processing a request and key; 
and 
a performing module configured to perform the original request if the key is valid. 

12. The computer program product of claim 11, wherein the processing module 
configured to process an original request and key comprises: 
an including module configured to include in the network request information 
identifying the means for transferring. 

13. The computer program product of claim 11, wherein the processing module 
configured to process an original request and key comprises: 
a signing module for signing information to form the network request. 

14. The computer program product of claim 11, further comprising: 
a storing module configured to store key information based on authentication of 
requester identification information; and 
a determining module configured to determine validity of the key based on the key 
information. 

15. The computer program product of claim 11, wherein the performing module 
comprises: 
an accessing module configured to access a trusted network resource to perform the 
original request. 
16. A system for providing access to a resource, comprising: 
means for storing a key based on requester authentication; 
means for forwarding the key to the requester; 
means for receiving an original request and the key from the requester; 
means for processing the original request and the key from the requester to form a 
network request; 
means for transferring the network request to a trusted network; 
means for processing the network request to extract the key if the network request was 
processed by the means for processing the original request and the key; and 
means for performing the original request if the key is valid. 

17. The system according to claim 16, further comprising: 
means for authenticating requester identification information; and 
means for creating the key in response to authentication of requester identification 
information. 

18. The system according to claim 16, further comprising: 
means for authenticating requester information; and 
means for forwarding requester access profile information based on the 
authentication. 

19. The system according to claim 16, further comprising: 
means for receiving user access profile information; 
means for creating display information having user access options based on the user 
access profile information; and 
means for forwarding the display information to the requester. 

20. The system according to claim 16, further comprising: 
means for consulting the means for storing a key to determine validity of the extracted 
key. 
21. The system according to claim 16, 
wherein the means for processing the original request and the key comprises means 
for including information identifying the means for transferring; and 
wherein the means for processing the network request comprises means for 
determining if the information identifying the means for transferring matches predetermined 
criteria. 

22. The system according to claim 16, 
wherein the means for processing the original request and the key comprises means 
for signing first information to form the network request; and 
wherein the means for processing the network request comprises means for verifying 
the network request to derive the first information. 
23. A method for providing access to a resource, comprising: 
storing a key based on requester authentication; 
forwarding the key to the requester; 
receiving an original request and the key from the requester; 
processing the original request and the key from the requester to form a network 
request; 
transferring the network request to a trusted network; 
processing the network request to extract the key if the network request was processed 
by the step of processing the original request and the key; and 
performing the original request if the key is valid. 

24. The method according to claim 23, further including the steps of: 
authenticating requester identification information; and 
creating the key in response to authentication of requester identification information. 

25. The method according to claim 23, further including the steps of: 
authenticating requester information; and 
forwarding requester access profile information based on the authentication. 

26. The method according to claim 23, further including the steps of: 
receiving user access profile information; 
creating display information having user access options based on the user access 
profile information; and 
forwarding the display information to the requester. 

27. The method according to claim 23, further including the step of: 
determining validity of the extracted key. 
28. The method according to claim 23, 
wherein the step of processing the original request and the key includes a substep of 
including information identifying a means for transferring the network request; and 
wherein the step of processing the network request includes a substep of determining 
if the information identifying a means for transferring matches predetermined criteria. 

29. The method according to claim 23, 
wherein the step of processing the original request and the key includes a substep of 
signing first information to form the network request; and 
wherein the step of processing the network request includes a substep of verifying the 
network request to derive the first information. 
30. A computer program product comprising: 
a computer usable medium having computer readable code embodied therein for 
providing access to a resource, the computer usable medium comprising: 
a storing module configured to store a key based on requester authentication; 
a forwarding module configured to forward the key to the requester; 
a receiving module configured to receive an original request and the key from the 
requester; 
a processing module configured to process the original request and the key from the 
requester to form a network request; 
a transferring module configured to transfer the network request to a trusted network; 
a processing module configured to process the network request to extract the key if 
the network request was processed by the step of processing the original request and the key; 
and 
a performing module configured to perform the original request if the key is valid. 

31. The computer program product of claim 30, further comprising: 
an authenticating module configured to authenticate requester identification 
information; and 
a creating module configured to create the key in response to authentication of 
requester identification information. 

32. The computer program product according to claim 30, further comprising: 
an authenticating module configured to authenticate requester information; 
and 
a forwarding module configured to forward requester access profile 
information based on the authentication. 
33. The computer program product of claim 30, further comprising: 
a receiving module configured to receive user access profile information; 
a creating module configured to create display information having user access options 
based on the user access profile information; and 
a forwarding module configured to forward the display information to the requester. 

34. The computer program product of claim 30, further comprising: 
a consulting module configured to consult the storing module configured to store a 
key to determine validity of the extracted key. 

35. The computer program product of claim 30, 
wherein the processing module configured to process the original request and the key 
comprises an including module configured to include information in the network request 
identifying the transferring module; and 
wherein the processing module configured to process the network request comprises a 
determining module configured to determine if the information identifying a means for 
transferring matches predetermined criteria. 

36. The computer program product according to claim 30, 
wherein the processing module configured to process the original request and the key 
comprises an encryption module configured to sign first information to form the network 
request; and 
wherein the processing module configured to process the network request comprises a 
decryption module configured to verify the network request to derive the first information. 
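The method of claims 6-10 and 23-29, and the equivalent modules of claims 30-36, describe one request flow: a key is stored on authentication and forwarded to the requester; the requester sends an original request together with the key; an intermediate transferor forms a network request that is signed and carries information identifying the transferor; the trusted network verifies the signature, checks the transferor identity against predetermined criteria, extracts the key, consults the stored key information, and only then performs the original request. The following is an added example written to walk through that flow end to end; it is not code from the patent or from Sun. HMAC-SHA256 over a canonical JSON envelope is used as the signing mechanism, the key lifetime, the shared secret, the allowed transferor list and every name in the block are assumptions made for illustration, and all inputs are constructed.

```python
"""Signed network request carrying a session key, verified by the trusted network.

Added example, not code from the patent. Each step of the claimed method is
a separate function so the order of checks on the receiving side is visible:
signature first, then transferor identity, then key validity, then perform.
HMAC-SHA256, the JSON envelope, the TTL and all identifiers are assumptions.
"""
import hashlib
import hmac
import json
import secrets
import time


class KeyStore:
    """Key information stored on successful authentication (trusted-network side)."""

    def __init__(self, ttl_seconds=600):
        self._keys = {}            # key -> (uid, expiry timestamp)
        self.ttl = ttl_seconds

    def issue(self, uid, now=None):
        """Create and store a fresh key for an authenticated requester; return it for forwarding."""
        now = time.time() if now is None else now
        key = secrets.token_hex(16)
        self._keys[key] = (uid, now + self.ttl)
        return key

    def lookup(self, key, now=None):
        """Return the uid bound to a valid, unexpired key, else None (default deny)."""
        now = time.time() if now is None else now
        if not isinstance(key, str):
            return None
        entry = self._keys.get(key)
        if entry is None:
            return None
        uid, expiry = entry
        if now > expiry:
            del self._keys[key]    # expired keys are purged on first use
            return None
        return uid


# Shared secret between the transferor and the trusted network, and the
# predetermined criteria for acceptable transferor identities (both constructed).
TRANSFEROR_SECRET = b"constructed-shared-secret-for-this-example"
ALLOWED_TRANSFERORS = frozenset({"gateway-01"})


def _canonical(payload):
    """Deterministic byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def form_network_request(original_request, key, transferor_id, secret=TRANSFEROR_SECRET):
    """Transferor side: wrap the original request and key, identify the transferor, sign."""
    payload = {"request": original_request, "key": key, "transferor": transferor_id}
    sig = hmac.new(secret, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def perform_request(uid, original_request):
    """Constructed stand-in for the trusted network resource; reports what it served."""
    return f"{uid}:{original_request['path']}"


def process_network_request(network_request, store, secret=TRANSFEROR_SECRET, now=None):
    """Trusted-network side. Returns ("ok", result) or ("reject", reason).

    The signature is verified before any field is trusted, then the transferor
    identity is checked against the predetermined criteria, then the key is
    looked up; an unsigned or tampered envelope never reaches the key store."""
    payload = network_request.get("payload")
    sig = network_request.get("sig", "")
    if not isinstance(payload, dict) or not isinstance(payload.get("request"), dict):
        return ("reject", "malformed")
    expected = hmac.new(secret, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(sig)):
        return ("reject", "bad-signature")
    if payload.get("transferor") not in ALLOWED_TRANSFERORS:
        return ("reject", "unknown-transferor")
    uid = store.lookup(payload.get("key"), now)
    if uid is None:
        return ("reject", "invalid-key")
    return ("ok", perform_request(uid, payload["request"]))


if __name__ == "__main__":
    store = KeyStore()
    key = store.issue("alice")                        # stored and forwarded after authentication
    envelope = form_network_request({"path": "/level3/projects"}, key, "gateway-01")
    print(process_network_request(envelope, store))   # ('ok', 'alice:/level3/projects')
```

Two design points are worth noting. The signature covers the key and the transferor identity as well as the original request, so none of the three can be swapped after signing; and the key store is consulted only after the signature and identity checks pass, which keeps an unauthenticated sender from probing which keys exist.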